I'm getting a do_patch error with this change: ERROR: epiphany-3.34.4-r0 do_patch: Applying patch 'CVE-2022-29536.patch' on target directory '/home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/epiphany/3.34.4-r0/epiphany-3.34.4' Command Error: 'quilt --quiltrc /home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/epiphany/3.34.4-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output: Applying patch CVE-2022-29536.patch patching file lib/ephy-string.c Hunk #1 FAILED at 115. 1 out of 1 hunk FAILED -- rejects in file lib/ephy-string.c Patch CVE-2022-29536.patch does not apply (enforce with -f)
I took a quick look at failing file, and it is indeed slightly different than what the patch assumes. Steve On Thu, Jun 30, 2022 at 8:48 AM Minjae Kim <[email protected]> wrote: > > Fix memory corruption in ephy_string_shorten() > > Upstream-Status: Backport > [https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106] > CVE: CVE-2022-29536 > > Signed-off-by:Minjae Kim <[email protected]> > --- > .../recipes-gnome/epiphany/epiphany_3.34.4.bb | 3 +- > .../epiphany/files/CVE-2022-29536.patch | 45 +++++++++++++++++++ > 2 files changed, 47 insertions(+), 1 deletion(-) > create mode 100644 meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch > > diff --git a/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb > b/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb > index e2afb29c12..6f04324d4e 100644 > --- a/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb > +++ b/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb > @@ -16,7 +16,8 @@ REQUIRED_DISTRO_FEATURES = "x11 opengl" > > SRC_URI = > "${GNOME_MIRROR}/${GNOMEBN}/${@gnome_verdir("${PV}")}/${GNOMEBN}-${PV}.tar.${GNOME_COMPRESS_TYPE};name=archive > \ > file://0002-help-meson.build-disable-the-use-of-yelp.patch \ > - " > + file://CVE-2022-29536.patch \ > + " > SRC_URI[archive.md5sum] = "a559f164bb7d6cbeceb348648076830b" > SRC_URI[archive.sha256sum] = > "60e190fc07ec7e33472e60c7e633e04004f7e277a0ffc5e9cd413706881e598d" > > diff --git a/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch > b/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch > new file mode 100644 > index 0000000000..c2160b471d > --- /dev/null > +++ b/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch > @@ -0,0 +1,45 @@ > +From 79725738500917cf5e4d829c76753cfb4c68be7f Mon Sep 17 00:00:00 2001 > +From: Michael Catanzaro <[email protected]> > +Date: Fri, 15 Apr 2022 18:09:46 -0500 > +Subject: [PATCH] Fix memory corruption in ephy_string_shorten() > + > +This fixes a regression that I introduced in > 232c613472b38ff0d0d97338f366024ddb9cd228. > + > +I got my browser stuck in a crash loop today while visiting a website > +with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only > +condition in which ephy_string_shorten() is ever used. Turns out this > +commit is wrong: an ellipses is a multibyte character (three bytes in > +UTF-8) and so we're writing past the end of the buffer when calling > +strcat() here. Ooops. > + > +Shame it took nearly four years to notice and correct this. > + > +Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106> > + > +Upstream-Status: Backport > [https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106] > +Signed-off-by:Minjae Kim <[email protected]> > +--- > + lib/ephy-string.c | 5 ++--- > + 1 file changed, 2 insertions(+), 3 deletions(-) > + > +diff --git a/lib/ephy-string.c b/lib/ephy-string.c > +index 509490c86..d678803ad 100644 > +--- a/lib/ephy-string.c > ++++ b/lib/ephy-string.c > +@@ -115,11 +115,10 @@ ephy_string_shorten (char *str, > + /* create string */ > + bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - > 1) - str); > + > +- /* +1 for ellipsis, +1 for trailing NUL */ > +- new_str = g_new (gchar, bytes + 1 + 1); > ++ new_str = g_new (gchar, bytes + strlen ("?~@?") + 1); > + > + strncpy (new_str, str, bytes); > +- strcat (new_str, "?~@?"); > ++ strncpy (new_str + bytes, "?~@?", strlen ("?~@?") + 1); > + > + g_free (str); > + > +-- > +2.25.1 > + > -- > 2.17.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#167680): https://lists.openembedded.org/g/openembedded-core/message/167680 Mute This Topic: https://lists.openembedded.org/mt/92093509/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
